Microsoft Intune
Microsoft Intune is an endpoint management solution that manages user access to organizational resources. When integrated with AssetExplorer Cloud, you can import asset information from Microsoft Intune into AssetExplorer Cloud.
Benefits of Integrating AssetExplorer Cloud with Microsoft Intune
- Periodically sync device information between Microsoft Intune and AssetExplorer Cloud.
- View and manage assets from a single location.
- Perform several Intune actions such as restart, sync, wipe, retire, send notifications, and delete imported assets.
- Associate requests and contracts with imported devices.
Enable Microsoft Intune Integration
- Go to Setup > Apps & Add-ons > Integrations > Third Party Integrations.
- On the Microsoft Intune card, click the toggle button to enable integration.
Configure Intune Actions
Intune Actions | Explanation |
Sync | Forces devices to sync with Microsoft Intune and imports any pending actions or policies assigned to the devices. |
Wipe | Restores devices to their default factory settings. Both organization and personal data will be removed from the devices. This action is not supported for macOS and iOS devices. |
Restart | Restarts the device without informing the device owner. |
Retire | Removes the selected devices from Microsoft Intune and deletes its managed app data, settings, and assigned email profiles. Retired devices will no longer have access to organization resources. |
Delete | Removes selected devices from Microsoft Intune. Deleted devices will no longer have access to organization resources. |
Send Notification | Sends custom messages to devices. The notifications will appear on the device lock screen. Intune custom notifications are not supported on macOS and Windows. |
Configure Sync Details
- To configure sync actions, click Configure on the Microsoft Intune card on the integration page.
- Under Sync Settings, configure actions to be performed when an asset is removed from MS Intune:
- Do nothing: Asset data in AssetExplorer Cloud will be left as is.
- Modify asset state to: Asset state in AssetExplorer Cloud will be updated as configured here.
- Delete asset: Asset data will be removed from AssetExplorer Cloud.
- Sync user information from Microsoft intune: When this option is enabled, the primary user of the asset in MS Intune will be added as the resource owner of the asset in AssetExplorer Cloud.
- Under Conditions, configure actions to import devices from MS Intune into AssetExplorer Cloud.
- Without criteria: All assets from MS Intune will be imported.
- Based on criteria: Set specific conditions to import the assets.
Preview the list of devices that will be synced into AssetExplorer Cloud by clicking Preview Matching Assets (JSON).
Click Save to save the configurations, or Save and Sync to save the configurations and import the assets from MS Intune instantly.
The imported devices are stored under Assets > IT and classified as smartphones, tablets, or workstations.
- Product name and model
- Device details like IMEI, serial number, network information, and operating system
- The asset names in AssetExplorer Cloud will be based on the device names configured in MS Intune. The Device ID will not be synced.
- Please maintain unique names for your devices in Intune, as the asset names in AssetExplorer Cloud are unique.
The imported devices will contain the Microsoft Intune logo beside their name in the assets list view and on their details page. You can perform several Intune actions such as restart, sync, wipe, retire, send notifications, and delete on imported devices. Click here to learn more.
View Last Synced Information
- Go to Setup > Apps & Add-ons > Integrations > Third Party Integrations.
- On the Microsoft Intune card, click Synced info.
The synced information includes the number of assets that were added, updated, and removed. You can also see details on the next scheduled sync.
Besides viewing the last sync information, you can use Sync now to sync the device manually.
Disable Microsoft Intune Integration
- Go to Setup > Apps & Add-ons > Integrations > Third Party Integrations.
- On the Microsoft Intune card, click the toggle button to disable integration.
Permissions
DeviceManagementManagedDevices.ReadWrite.All
Allows the app to read and write the properties of devices managed by Microsoft Intune; however, it does not allow high-impact operations such as remote wipes and password reset on the device's user.
DeviceManagementManagedDevices.Read.All
Allows the app to read the properties of devices managed by Microsoft Intune.
DeviceManagementManagedDevices.PrivilegedOperations.All
Allows the app to perform remote high-impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune.
FAQs
1. What are the possible causes of assets not being synced into AssetExplorer Cloud from Microsoft Intune after enabling the integration?
Making API requests to retrieve devices from the Intune inventory might not work if the Microsoft account used for authorization doesn't have sufficient permissions in Intune. Make sure either a global administrator or an Intune service administrator account is used for the integration.
To check permissions in Intune,
Go to the Microsoft Endpoint Manager admin center and click Tenant administration > Roles > My permissions.
2. Can the SDAdmin use a different Microsoft account for the integration if SSO is enabled?
You cannot use any other Microsoft account besides the linked account for integrations when logging in with SSO.
To use another Microsoft account, disconnect the linked Microsoft account in Zoho Accounts > Linked accounts and then authorize using the new account credentials.
3. I have enabled Azure/User Sync integration using one Microsoft account. Can I use a different Microsoft account for Intune Integration?
You can only use one Microsoft account for all integrations. To change the Microsoft account for integrations,
Go to Setup > Users & Permissions > Requesters > Import Users > Import from Azure.
Click Disconnect Account and use a new account for the integration.
4. What is the information synced into AssetExplorer Cloud from Microsoft Intune?
Workstations:
AssetExplorer Cloud Fields | MS Intune Fields |
Name | Name |
Service Tag | Serial number |
Serial Number | Serial number |
Model | Model |
Manufacturer | Manufacturer |
Operating System | Operating system |
Version (Operating System) | Operating system version |
Wifi - MAC Address (Network Adapters) | Wifi MAC |
Ethernet - MAC Address (Network Adapters) | Ethernet MAC |
Capacity (Hard Disks) | Total storage space |
Mobile devices:
AssetExplorer Cloud Fields | MS Intune Fields |
Name | Name |
IMEI | IMEI |
Serial Number | Serial number |
Discovered Serial Number | Serial number |
Product Manufacturer | Manufacturer |
Product | Model |
Ethernet - MAC Address (Network Adapters) | Ethernet MAC |
Wifi - MAC Address (Network Adapters) | Wifi MAC |
Platform (Operating System) | Operating system |
OS Name (Operating System) | Operating system |
OS Version (Operating System) | Operating system version |
Total Capacity | Total storage space |
Available Capacity | Free storage space |
5. Why do the workstations imported from Microsoft Intune also appear under Unaudited Workstations?
Unaudited workstations list the workstations that have an unsuccessful scan status or have been unreachable by the probe.
In Intune integration, the asset is not scanned, but the asset information is pulled from Microsoft Intune.
Since the workstations created through the integration haven't interacted with the probe, their scan status isn't set. As a result, they appear under Unaudited Workstations.
6. What are the possible causes of assets of a specific model or product not syncing?
To ensure that devices are synced properly, verify whether the product type is set correctly.
The product type of a device must be set to either Workstation or Server for Windows and macOS devices, and either Smartphone or Tablet for Android and iOS devices. The product type can be viewed under Setup > Customization > Asset Management > Product.
7. How are existing workstations identified and updated in the application instead of being created as new workstations?
When workstations are synced from Microsoft Intune, AssetExplorer Cloud will identify these workstations by their name and service tag.
If the synchronized workstation matches an existing workstation, the new data will replace the existing data.
If no workstation is found with the same properties, a new asset will be created with the newly synchronized workstation's name.
If multiple workstations have the same properties, one of the existing workstations will be updated randomly.
8. How are existing mobile devices identified and updated in the application instead of being created as new mobiles?
When a new mobile device comes into the application from Intune through the sync process, the system will search for the mobile devices with either the same serial number or the same IMEI.
When mobile devices are synced from Microsoft Intune, AssetExplorer Cloud will identify these devices by their serial number and IMEI.
If the synchronized mobile phone matches an existing device, the new data will replace the existing data.
If no mobile phone is found with the same properties a new asset will be created with the newly synchronized mobile phone's serial number and IMEI.
If multiple mobile phones have the same properties, the data of one existing phone will be modified at random.
9. The customer is unable to consent to the integration. How to resolve the following error?
When the global administrator blocks their organization's users from consenting to the apps in Azure, the following error message occurs.
Follow the below steps to check if the user consent has been blocked or not.
Log in to the Microsoft Azure portal using the Global Administrator credentials.
Go to Azure Active Directory > Enterprise applications > Consent and permissions.
Select User consent setting. If the Do not allow user consent radio button is enabled under the User consent for applications, the organization users are not allowed to consent to the apps.
Related Articles
Microsoft Azure
Azure integration is an additional authorization over Microsoft single sign-on. This integration allows you to import users' department and site details in addition to the basic information from the Azure directory. Role Required: SDAdmin/OrgAdmin in ...Microsoft Azure AD User Sync
Sync users periodically from Azure Active Directory to AssetExplorer Cloud. You can import users based on criteria and custom-map Azure fields with AssetExplorer fields as required. AssetExplorer Cloud just reads user information from Azure via API ...Microsoft Office 365 Calendar
Sync technicians' leave information in AssetExplorer Cloud and Office 365 Calendar. After you enable the integration, users shall record their leave in just one of the application calendars, and the leave will be automatically synced and displayed in ...Asset FAQs
Asset Management License Consumption and Asset States Will an asset be included in license consumption if it is moved to a disposed or expired state? No, Disposed or Expired assets do not consume license. How to create an asset state similar to ...Scanned Software
AssetExplorer Cloud monitors all software in the organization, eliminating security threats and optimizing software usage. AssetExplorer Cloud scans your network to identify the software installed on workstations and manages software licenses, ...